The World’s Most Wanted Unauthorized Account Access
By now you have probably heard that you should use strong, unique passwords everywhere. And, MFA (multi-factor authentication) wherever it is available. Especially prioritizing your finance, email and video game accounts, because those are the ones most likely to be targeted by account theives. Today, I want to talk about why those categories of accounts are targeted most often.
“Financial accounts are frequently targeted for misuse” is a statement that requires almost no explanation. Criminals attempt to rob banks because, as the famous pithy quote goes, “That’s where the money is.”
The prevalence of cybercrime related to video games is not as obvious, because these attacks are not particularly profitable. In fact, they are due to the demographics of many cybercriminals. These attackers are disproportionately young people who spend a lot of time on video games and see attacking them as a badge of honor. This is a large part of why some video game companies rolled out MFA (multi-factor authentication) and advanced anti-password-theft mechanisms like geo-fencing quickly, even relative to financial institutions.
Email is targeted for a few reasons. The most obvious is that the vast majority of online account recovery is done by sending an email with a link to reset your passwords – including account recovery for your finance and video game accounts. Less obvious reasons include that impersonating people can be used for other types of fraud, and that a familiar email account’s messages are more trusted, so they can be used to attack more email accounts.
Even if you don’t care who reads your email and don’t keep anything sensitive in there, your email account could be used as a tool to attack the accounts of people who trust you, or identify the banking and credit card accounts you have associated with it, trigger password resets on those, and then steal your accounts.
Fortunately, there is a solution: a truly staggering amount of account theft can be stopped by using MFA, sometimes in concert with other cybersecurity measures. If these defenses are something you’d like help rolling out at your organization, please feel free to contact us today.